Response to Amendment

1. The amendment filed on November 20, 2006 has been fully
considered but is not deemed persuasive.

Response to Amendment 

2. In response to Applicant's argument on page 2, third
paragraph, that "there is no functionality in the Primak patent
directed to routing the packet to its destination if the packet
is not destined for the server of interest," Examiner
respectfully disagrees. Primak teaches "Each time a request for
content is received from the client 60, the dynamic content
router 10 examines the header of the request for a session ID.
If the request contains a session ID, the dynamic content router
10 compares the session ID against the entries in the session
table 12. If the session ID of the request matches a session ID
in one of the session records stored in the session table 12,
the dynamic content router 10 instructs the plug-in 22b to route
the request to the application server associated with the
session server ID in the matching session record. However, if no
matching session record is found, the dynamic content router 10
selects an application server based on some criteria, such as
available capacity, access to a database containing the
requested data, randomly, etc." (Col. 8, lines 38-51).
Therefore, Primak teaches routing a packet to a server of
interest based on the session ID, or otherwise forwarding it to an
appropriate server based on accessing a database containing the
requested data (request destination).

As to Applicant's argument that combining Canion with Primak
seems improbable (page 3, second paragraph), Examiner disagrees:
nothing in Primak precludes dropping a packet. Primak is silent
about dropping a packet; that is why Canion is combined with
Primak to cure this deficiency.

• Claims 10,14-16 and 26-31 have been previously canceled. 

• Claims 1-9,1-13,17-25 and 32 are presented for examination. 

Claim Rejections - 35 USC § 103 



The following is a quotation of 35 U.S.C. 103(a) which
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be
negatived by the manner in which the invention was made. 

3. Claims 1-3,10-11,17-19,22, and 32 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Primak et al USPN 
(6598077) in view of Canion et al USPN (20020108059).

As per claim 1, and 17, Primak teaches in a routing device 
(dynamic route 10), a method of operation comprising: 

receiving a packet sent by a client device [a client's 
request for dynamic content to the dynamic content router. The 
dynamic content router then determines the appropriate 
application server or application cluster for the client's 
request based on number of factors, including but not limited to 
the content availability, data server's capacity and session 
persistence. Col. 3, lines 59 to col. 4, line 5];

determining if the packet is destined for a server of 
interest by reference to a destination address of the packet 
(When a session is established between the client and the
selected application server, the dynamic content router examines
the session communications to determine or extract a client
identifier (also referred to herein as a content identifier).
The dynamic content router utilizes the content identifier to
determine if the client is already logged onto one of the
application servers on the site col. 4, lines 16-26 and col. 6, 
lines 9-34); if the packet is not destined for the server of 
interest, routing the packet to its destination; if the packet 
is determined to be destined for the server of interest, routing 
the packet to its destination (col. 6, lines 35-43), 
independently determining whether said packet is a part of a 
conversation between the client device and the server of 
interest based at least in part on persistent information 
included in said packet [However, since the client request 
includes session ID, the dynamic router 10 can extract the 
session ID from the client request. The extracted session ID 
then can be used by the dynamic router 10 to search the session
table 12 to find corresponding content label. That is, once the
session ID is found in the session table 12, the dynamic content
router can use the link to locate the content label associated
with this client and thereafter determine the dynamic content
based on the content label. (Col. 6, lines 9-34)]; and
handling the packet based at least in part on the result of said 
independent determination by forwarding the packet to if the 
packet is deemed to be part of a conversation between the client 
and the server (col. 6, lines 9-42). 
Although Primak shows substantial features of the claimed
invention as explained above, he does not explicitly show
dropping the packet if the packet is deemed to be an undesirable
packet.

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Primak, as evidenced by Canion et al USPN. (20020108059). 
In analogous art, Canion et al whose invention is about a system 
for detecting incoming data packets in a network, disclose a way 
of determining whether to forward or drop a packet through a 
network in response to a conversation identifier (received 
packet information) to protect the network against undesirable 
packets (packets with potential security violations) (¶ 0174-
0177 and ¶ 0183-0187). Given the teaching of Canion et al, a
person of ordinary skill in the art would have readily 
recognized the desirability and the advantage of modifying 
Primak et al by employing the intrusion detection system of 
Canion et al in order to identify packets with potential 
security violations for the advantage of protecting the network 
against network security attacks such as denial of service 
attacks, sync attacks, ping attacks and unauthorized attacks (¶
0171 and ¶ 0183-0187).

As per claim 2 and 18, Primak et al teach the invention, wherein
said independent determination comprises independently verifying
a conversation identifier included in said packet based at least
in part on other information included (col. 4, lines 16-26 and
col. 6, lines 9-34).

As per claim 3 and 19, Primak et al teach the invention, wherein 
said independent verification comprises independently 
regenerating the conversation identifier using at least said
other information included in said packet; and

comparing the independently re-generated conversation
identifier with the included conversation identifier [col. 9,
lines 20-46].

As per claim 11 and 22, Primak et al teaches a method of 
operation comprising : 

at least one processor (10,20, 30, fig. 2); 

generating an independently verifiable conversation 
identifier for a packet destined for a client device, using at 
least persistent information that will be included in said 
packet [col. 9, lines 20-46];

including the independently verifiable conversation
identifier with said packet for use by the client device to
include in a subsequent packet sent by the client device
destined for the server [col. 4, lines 16-26 and col. 6, lines 
9-34]; and 

transmitting said independently verifiable conversation 
identifier included packet to said client device (col. 4, lines 
16-26 and col. 6, lines 9-34); 

Primak et al further teach a summation unit to insert the 
independently verifiable conversation identifier with a packet 
[col. 7, lines 63 to col. 8, lines 9 and col. 11, lines 41-56]; 
determining if the packet is destined for a server of interest 
by reference to a destination address of the packet (When a 
session is established between the client and the selected 
application server, the dynamic content router examines the 
session communications to determine or extract a client 
identifier (also referred to herein as a content identifier).
The dynamic content router utilizes the content identifier to 
determine if the client is already logged onto one of the 
application servers on the site (col. 4, lines 16-26 and col. 6, 
lines 9-34); if the packet is not destined for the server of 
interest, routing the packet to its destination; if the packet 
is determined to be destined for the server of interest, routing 
the packet to its destination (col. 6, lines 35-43), 
independently determining whether said packet is a part of a 
conversation between the client device and the server of
interest based at least in part on persistent information 
included in said packet [However, since the client request 
includes session ID, the dynamic router 10 can extract the 
session ID from the client request. The extracted session ID 
then can be used by the dynamic router 10 to search the session 
table 12 to find corresponding content label. That is, once the 
session ID is found in the session table 12, the dynamic content 
router can use the link to locate the content label associated 
with this client and thereafter determine the dynamic content 
based on the content label (col. 6, lines 9-34)].

Although Primak shows substantial features of the claimed
invention as explained above, he does not explicitly show
dropping the packet if the packet is deemed to be an undesirable
packet.

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Primak, as evidenced by Canion et al USPN. (20020108059). 
In analogous art, Canion et al whose invention is about a system 
for detecting incoming data packets in a network, disclose a way 
of determining whether to forward or drop a packet through a 
network in response to a conversation identifier (received 
packet information) to protect the network against undesirable 
packets (packets with potential security violations) (¶ 0174-
0177 and ¶ 0183-0187). Given the teaching of Canion et al, a
person of ordinary skill in the art would have readily 
recognized the desirability and the advantage of modifying 
Primak et al by employing the intrusion detection system of 
Canion et al in order to identify packets with potential 
security violations for the advantage of protecting the network 
against network security attacks such as denial of service 
attacks, sync attacks, ping attacks and unauthorized attacks (¶
0171 and ¶ 0183-0187).

As per claim 32, Canion et al as modified teach the invention, 
where the function unit (processing unit) drops packets that are 
not part of the conversation identifier to protect the server 
against receipt of undesirable packets (¶ 0174-0177 and ¶ 0183-
0187).

4. Claims 4-9, 12-13 and 21, 23-25 are rejected under 35 U.S.C.
103(a) as being unpatentable over Primak et al USPN (6598077) in 
view of Canion et al USPN. (20020108059) and further in view of 
Bull et al USPN (6799270) and further 



Application/Control Number: 09/825,139 Page 11

Art Unit: 2153 

As per claims 4 and 12, although Primak et al show substantial 
features of the claimed invention as explained in claim 1 and 11 
above, they do not explicitly show a nonce. 

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Primak et al, as evidenced by Bull et al USPN (6799270).
In analogous art, Bull et al whose invention is about a system 
for securely distributing session keys over a network of a chain 
of nodes including client nodes (14), server nodes (18) and 
intermediate nodes (18), disclose a bit string of data that 
includes a nonce (randomly generated value that is concatenated 
to the end of a message) that is used for identification and
verification purposes [Col. 6, lines 39-50 and col. 7, lines 21-
60]. Given the teaching of Bull et al, a person of ordinary
skill in the art would have readily recognized the desirability
and the advantage of modifying Primak et al by employing the
system of Bull et al in order to generate a unique value that
identifies a client session and to verify the integrity of the
response coming from the server [Col. 6, lines 39-50 and col.
7, lines 29-35].

Bull et al further teaches said re-generating the nonce 
using a deterministic function with a sequence number of the 
nonce and a plurality of persistent field values extracted from 
the packet, and a pre-provided secret value as inputs to the
deterministic function [Col. 5, lines 9-34 and Col. 6, lines 7-
65].

As per claims 5, 13 and 24, Primak et al teach the invention, 
wherein said plurality of persistent field values comprise one 
or more of a source address, a destination address and a port 
number [client session (packet) with web server inherently 
includes a source address, a destination address and a port 
number].

As per claim 6, Bull et al further teach the invention as 
explained in claim 4 above, wherein the method further comprises 
at least one of receiving into said routing device said secret 
value, and equipping/configuring said routing device with said 
deterministic function [Col. 5, lines 9-34 and Col. 6, lines 7- 
65].

As per claim 7 and 25, Bull et al further teaches the invention, 
wherein said independent generation is performed using a 
selected one of a message authentication code function and an 
universal hash function [col. 5, lines 39 to Col. 6, lines 7- 
47].

As per claim 8, Primak et al as modified teach the invention,
wherein the method further comprises recording a time of first
observation for the nonce if the nonce is a newly observed nonce
[col. 9, lines 20-67].

As per claim 9, Primak et al as modified teach the invention, 
wherein the method further comprises determining if time has 
elapsed more than a predetermined threshold since a time of 
first observation was recorded for the nonce, if the extracted
nonce and the independently generated nonce are deemed to be the 
same [col. 9, lines 20-67]. 

As per claims 20-21 and 23, these claims include similar 
limitations as claim 4 and 12 above. Therefore, they are 
rejected with the same rationale. 

Conclusion 

5. ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is 
reminded of the extension of time policy, as set forth in 37 
CFR 1.136(a).

A shortened statutory period for reply to this final action 
is set to expire THREE MONTHS from the mailing date of this 
action. In the event a first reply is filed within TWO MONTHS
of the mailing date of this final action and the advisory action
is not mailed until after the end of the THREE-MONTH shortened
statutory period, then the shortened statutory period will
expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated 
from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 

The prior art made of record and not relied upon is considered
pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Yasin 
Barqadle whose telephone number is 571-272-3947. The examiner 
can normally be reached on 9:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Glenn Burgess can be 
reached on 571-272-3949. The fax phone numbers for the
organization where this application or proceeding is assigned 
are 703-872-9306 for regular communications and 703-746-7238 for 
After Final communications. 

Any inquiry of a general nature or relating to the status
of this application or proceeding should be directed to the 
receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval
(PAIR) system. Status information for published applications may 
be obtained from either private PAIR or public PAIR system. 
Status information for unpublished applications is available 
through private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have
questions on access to the Private PAIR system, contact the
Electronic Business Center (EBC) at 866-217-9197 (toll-free).